-1

I have a simple form which is designed to allow a user to enter numeric values and then sent them to a page which calculates the result.

The problem I'm having is that post variables that includes a space in their name don't seem to be recognised.

The form is created like so:

<?php       
$minerals = mysqli_query($con, "SELECT * FROM items");
?>
<table border='1'>
<tr>
  <td>Product: &nbsp;</td>
  <td>Quanitity: &nbsp;</td>
  <td>Buyback Price: &nbsp;</td>
</tr>

Minerals    
</br>
</br>
<?php
while($row = mysqli_fetch_array($minerals)) {
  echo "<tr>";
  echo "<td>" . $row['name'] . "</td>";
  echo "<td>" . "Amount: <input type='text' value='0' name='" . $row['name'] . "'>" . "</td>";
  echo "<td>" . $row['price'] . "</td>";
  echo "</tr>";
  if($row['name'] == "Morphite") {
    break;
  } 
}
echo "</table>";
?>

And I'm trying to retrieve the post data like so:

echo '<table border="1">';
    echo '<tr><td>Product</td><td>Value</td></tr>';
while($item = mysqli_fetch_array($items)) {
    echo '<tr>';
    echo '<td>';
    echo $item['name']; 
    echo '</td>';
    echo '<td>';
    echo $_POST[$item['name']];
    echo '</td>';
    echo '</tr>';

}
    echo '<tr><td>Total</td><td></td></tr>';
    echo '</table>';

But any 'name' in the database that contains a space causes nothing to be displayed on the other end.

Ashley Stewart
  • 161
  • 1
  • 3
  • 12
  • 2
    Replace all whitespaces with underscope. – Charlotte Dunois Aug 30 '14 at 23:06
  • ... when accessing the `$_POST` array. – mario Aug 30 '14 at 23:07
  • Do the names in DB indeed contain spaces? I.e.: `John Doe` or just `John` or `JohnDoe`? - or how/where do the space(s) come into play, are they entered by the user? You will need to provide us with more details as to how the space(s) play a part in all this, as well as what's in DB under your `name` column. Try `trim()` and/or `str_replace()`. – Funk Forty Niner Aug 30 '14 at 23:15
  • have a look at turning your string into a "slug" (Note: special characters that dont have utf-8 equiv will fail and leak exceptions) http://stackoverflow.com/a/2955878/648350 – haxxxton Aug 30 '14 at 23:20
  • Yes the names in the database do indeed contain spaces such as "Enriched Uranium", these are the names of an item in a game and need to be stored in the db with spaces in. – Ashley Stewart Aug 31 '14 at 01:11

2 Answers2

0

Since you can never be sure what is written in the database (invalid characters for html etc) you should encode this value before using it as inputs name-attribute. So try maybe htmlspecialchars or strip off the spaces and non-printable and invalid characters. Also if you have a primary key (integer) in your database you could use this to identify the record instead of the name.

ynnus
  • 241
  • 2
  • 6
-1

Try replacing

  echo $_POST[$item['name']];

with

  echo $_POST["{$item['name']}"];
Chris J
  • 7,549
  • 2
  • 25
  • 25
  • 1
    -1, those 2 pieces of code are exactly identical in execution. Also, an answer that begins with the word 'try' should nearly always be a comment, not an answer. – Niels Keurentjes Aug 30 '14 at 23:21